Update the authorizer API so that it reports the database that table and
indices belong to and so that it reports when actions are taken in response
to a trigger. (CVS 928)
FossilOrigin-Name: c675a5504138f34cae6def782b5d3add2c67d2bc
diff --git a/src/auth.c b/src/auth.c
index b47e657..47b6600 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -14,7 +14,7 @@
** systems that do not need this facility may omit it by recompiling
** the library with -DSQLITE_OMIT_AUTHORIZATION=1
**
-** $Id: auth.c,v 1.5 2003/04/16 20:24:52 drh Exp $
+** $Id: auth.c,v 1.6 2003/04/22 20:30:38 drh Exp $
*/
#include "sqliteInt.h"
@@ -52,7 +52,7 @@
*/
int sqlite_set_authorizer(
sqlite *db,
- int (*xAuth)(void*,int,const char*,const char*),
+ int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
void *pArg
){
db->xAuth = xAuth;
@@ -94,7 +94,12 @@
Table *pTab; /* The table being read */
const char *zCol; /* Name of the column of the table */
int iSrc; /* Index in pTabList->a[] of table being read */
+ const char *zDBase; /* Name of database being accessed */
+ const char *zTrig; /* Name of the trigger doing the accessing */
+ TriggerStack *pStack; /* The stack of current triggers */
+ pStack = pParse->trigStack;
+ zTrig = pStack ? pStack->pTrigger->name : 0;
if( db->xAuth==0 ) return;
assert( pExpr->op==TK_COLUMN );
iSrc = pExpr->iTable - base;
@@ -104,7 +109,6 @@
/* This must be an attempt to read the NEW or OLD pseudo-tables
** of a trigger.
*/
- TriggerStack *pStack = pParse->trigStack;
assert( pStack!=0 );
assert( pExpr->iTable==pStack->newIdx || pExpr->iTable==pStack->oldIdx );
pTab = pStack->pTab;
@@ -119,12 +123,19 @@
}else{
zCol = "ROWID";
}
- rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol);
+ assert( pExpr->iDb>=0 && pExpr->iDb<db->nDb );
+ zDBase = db->aDb[pExpr->iDb].zName;
+ rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase, zTrig);
if( rc==SQLITE_IGNORE ){
pExpr->op = TK_NULL;
}else if( rc==SQLITE_DENY ){
- sqliteSetString(&pParse->zErrMsg,"access to ",
- pTab->zName, ".", zCol, " is prohibited", 0);
+ if( db->nDb>2 || pExpr->iDb!=0 ){
+ sqliteSetString(&pParse->zErrMsg,"access to ", zDBase, ".",
+ pTab->zName, ".", zCol, " is prohibited", 0);
+ }else{
+ sqliteSetString(&pParse->zErrMsg,"access to ", pTab->zName, ".",
+ zCol, " is prohibited", 0);
+ }
pParse->nErr++;
pParse->rc = SQLITE_AUTH;
}else if( rc!=SQLITE_OK ){
@@ -142,14 +153,18 @@
Parse *pParse,
int code,
const char *zArg1,
- const char *zArg2
+ const char *zArg2,
+ const char *zArg3
){
sqlite *db = pParse->db;
int rc;
+ const char *zTrigName;
+
if( db->xAuth==0 ){
return SQLITE_OK;
}
- rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2);
+ zTrigName = pParse->trigStack ? pParse->trigStack->pTrigger->name : 0;
+ rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, zTrigName);
if( rc==SQLITE_DENY ){
sqliteSetString(&pParse->zErrMsg, "not authorized", 0);
pParse->rc = SQLITE_AUTH;